From: Shane Lontis
Date: Thu, 12 Aug 2021 09:20:05 +0000 (+1000)
Subject: Change CTS CS3 (Kerberos) so that it accepts a 16 byte input block
X-Git-Tag: openssl-3.0.0~110
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7daabe78a04902d3ae53af3e4a2acfdf6a1f1ec9;p=thirdparty%2Fopenssl.git

Change CTS CS3 (Kerberos) so that it accepts a 16 byte input block

Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/16286)
---

diff --git a/providers/implementations/ciphers/cipher_cts.c b/providers/implementations/ciphers/cipher_cts.c
index 3e880931c13..5732ae19904 100644
--- a/providers/implementations/ciphers/cipher_cts.c
+++ b/providers/implementations/ciphers/cipher_cts.c
@@ -195,9 +195,13 @@ static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
 aligned_16bytes tmp_in;
 size_t residue;

- if (len <= CTS_BLOCK_SIZE) /* CS3 requires 2 blocks */
+ if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */
 return 0;

+ /* If we only have one block then just process the aligned block */
+ if (len == CTS_BLOCK_SIZE)
+ return ctx->hw->cipher(ctx, out, in, len) ? len : 0;
+
 residue = len % CTS_BLOCK_SIZE;
 if (residue == 0)
 residue = CTS_BLOCK_SIZE;
@@ -231,9 +235,13 @@ static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
 aligned_16bytes mid_iv, ct_mid, pt_last;
 size_t residue;

- if (len <= CTS_BLOCK_SIZE) /* CS3 requires 2 blocks */
+ if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */
 return 0;

+ /* If we only have one block then just process the aligned block */
+ if (len == CTS_BLOCK_SIZE)
+ return ctx->hw->cipher(ctx, out, in, len) ? len : 0;
+
 /* Process blocks at the start - but leave the last 2 blocks */
 residue = len % CTS_BLOCK_SIZE;
 if (residue == 0)
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_cts.txt b/test/recipes/30-test_evp_data/evpciph_aes_cts.txt
index 0c22e9d9056..bd0f5ce7515 100644
--- a/test/recipes/30-test_evp_data/evpciph_aes_cts.txt
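Review bot: The new single-block branch in cts128_cs3_encrypt (and the identical one in cts128_cs3_decrypt) does not say why skipping the CS3 swap is correct, while the old comment's "CS3 requires 2 blocks" rule is relaxed without explanation. I would expand the comment to something like `/* One block: nothing to steal or swap, so the result is plain CBC (needed for Kerberos) */` so that a later reader does not restore the old `<=` check as a supposed fix. The branch also hands `out` and `len` straight to `ctx->hw->cipher`; the output-size check is presumably done by the caller, which is not visible here, and is worth confirming for this path. Both function bodies start and end outside their hunks.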
+++ b/test/recipes/30-test_evp_data/evpciph_aes_cts.txt
@@ -344,11 +344,32 @@ IV = 00000000000000000000000000000000
 Plaintext = 0102030405060708090A0B0C0D0E0F
 Result = CIPHERUPDATE_ERROR

-# 16 bytes should fail for CS3 (since it always needs 2 blocks).
+# 16 bytes input
+Cipher = AES-128-CBC
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 0102030405060708090A0B0C0D0E0F00
+Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
+
+# 16 bytes with CS3 should return the same as plain CBC mode.
+Cipher = AES-128-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 0102030405060708090A0B0C0D0E0F00
+Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
+
+Cipher = AES-128-CBC-CTS
+CTSMode = CS2
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 0102030405060708090A0B0C0D0E0F00
+Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
+
 Cipher = AES-128-CBC-CTS
 CTSMode = CS3
 Key = 636869636b656e207465726979616b69
 IV = 00000000000000000000000000000000
 Plaintext = 0102030405060708090A0B0C0D0E0F00
-Result = CIPHERUPDATE_ERROR
+Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
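Review bot: All of the new 16-byte vectors use an all-zero IV, so for a single block the expected output is the same whether or not the IV is applied. One extra `CTSMode = CS3` stanza with a non-zero IV (ciphertext generated from a reference implementation) would show that the one-block path really chains the IV. The comment `# 16 bytes with CS3 should return the same as plain CBC mode.` sits above the CS1 stanza and applies to all three that follow, so `# 16 bytes with CS1, CS2 and CS3 should return the same as plain CBC mode.` would describe them better.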